New data comparing ineffectiveness of antivirus products

There’s really no good news here for antivirus vendors, or their customers.

Cyveillance, which touts itself as “a world leader in cyber intelligence”, has a press release announcing a study that seems to reveal the (really) bad news.

[T]raditional antivirus (AV) vendors continue to lag behind online criminals when it comes to detecting and protecting against new and quickly evolving threats on the Internet. Cyveillance testing shows that even the most popular AV signature-based solutions detect on average less than 19% of malware threats. That detection rate increases only to 61.7% after 30 days.


Here’s the graphic:

[Image: cyveillance_malware_chart.jpg]

(The report is available here for those not squeamish about giving up their e-mail address to the company.)

Putting aside for the moment the fact that any company with “cyber” in its name is probably run by a bunch of opportunistic grifters who would have worn leisure suits if they’d been alive during the 70s, this data is consistent with statements made by reputable analysts in the computer security field over the last 5 years.

The Register has picked up the story in an article entitled “Anti-virus defences even shakier than feared: Security firms attack ‘flawed’ tests”. From its reporting on the pushback from others in the field, it was pretty clear that while they questioned the details of the report (mostly stressing that Cyveillance’s testing had only considered the signature detection capabilities of their products), none of those interviewed could dispute the basic proposition that “Anti-virus products miss a lot of malware.”

My professional opinion is that the 800-pound gorilla in the room is that the predominant desktop platform out there is a malware magnet that’s made to order for exploits. An AV solution is a band-aid. It can’t address the more basic problem of an inherently insecure operating system.